-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
On the 9th December 2006 in NetBSD-current and on the 17th February 2007
in netbsd-4 (via a pullup) a set of changes were introduced into NetBSD
for improvements to vnode locking and path lookup. On the 20th July
2007 the NetBSD Security Officer team became aware of a security issue
caused by these changes.
Systems are only vulnerable to this issue if you have procfs mounted.
This vulnerability does not exist in the NetBSD 2.x or 3.x code bases.
However, NetBSD-current and netbsd-4 were found to be vulnerable.
This issue was fixed in the NetBSD CVS tree on the 22nd July 2007 for
NetBSD-current and 23rd July 2007 for netbsd-4.
Users currently running NetBSD-current from sources before 22nd July
2007 or netbsd-4 from sources before 23rd July 2007 are advised to
update their sources.
Thanks To
=========
Matthias Scheler, Antti Kantee and David Holland for helping to resolve
this issue.
On behalf of security-officer@,
adrian.
-----BEGIN PGP SIGNATURE-----
iD8DBQFGrNU9Lc2rR0mnFJ8RAn7+AJsHQSD9CjqUdzqn4R4bl/6p2w3UMACgwW6W
8PjFA+rIG4dEq3DQUQXXxac=
=xu6J
-----END PGP SIGNATURE-----